Virtual lab for Active Directory (multiple Forest)

  • Virtual lab for Active Directory (multiple Forest)

    I am looking to expand my virtual lab to learn Active Directory. The setup I am looking for is basically 2 AD forests on 2 separate networks. I basically want to practise DNS zone trust relationships, DHCP, and other networking scenarios covered in the 70-291 exam.

    I have tried downloading virtual router appliances but can never get them to route traffic between different private networks or in a WAN simulation. I use VMware WS 5.5.

    Does anybody have a similar setup? I appreciate any feedback.

    I was thinking of even expanding my lab to 2 physical machines with multiple VMs on both and have them communicate with each other. I am not sure if this is possible or what virtualization products I need.

  • #2
    Re: Virtual lab for Active Directory (multiple Forest)

    I use my linksys router for that with some static routes.

    I have the following networks:

    10.1.1.0 - My Home Network - Physical
    192.168.0.0 - Test Network 1 - Virtual
    192.168.1.0 - Test Network 2 - Virtual

    I always have one VM on each network with two network cards. One is attached to 10.1.1.0 and the other to its test network, either 1 or 2, and the other VM on the other network is set up exactly the same.

    I then configure static routes in my Linksys router to forward any traffic destined to 192.168.0.0 or 192.168.1.0 to the adapter of the VM which has the 10.1.1.0 IP address. I then have basic RRAS to allow routing through the VM to the IP address with the test network ID and voila. I can now ping an IP address on either network from any other network.

    I hope this is clear. I'm crap at drawing diagrams, but if you don't understand then I can.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **



    • #3
      Re: Virtual lab for Active Directory (multiple Forest)

      I still have a few questions.

      First, what technology do you use to build your virtual machines? I'm using VMware Workstation 5.5. Is it possible to configure static routes from a Linksys router to forward traffic to a virtual NIC? I thought it would only be able to do that for a physical NIC. Could you please elaborate more on this?

      Do you bridge your connection from the VM to your prod network 10.1.1.0 and then use a host only or custom connection to the Virtual 192.168.x.x network?


      I haven't done much with RRAS, so excuse me if I am asking stupid questions, but do you use RRAS on both VMs to forward the traffic from the production to the virtual NIC?

      Thanks for your help.



      • #4
        Re: Virtual lab for Active Directory (multiple Forest)

        First, what technology do you use to build your virtual machines? I'm using VMware Workstation 5.5. Is it possible to configure static routes from a Linksys router to forward traffic to a virtual NIC? I thought it would only be able to do that for a physical NIC. Could you please elaborate more on this?
        I use Virtual Server R2. Yes, you can configure a Linksys router (most other routers allow this as well) to forward requests to a virtual NIC. The router doesn't know it's a virtual NIC. All it knows is that the host at IP address 10.1.1.5 is to be used to forward requests to the 192.168.0.0 network.

        Do you bridge your connection from the VM to your prod network 10.1.1.0 and then use a host only or custom connection to the Virtual 192.168.x.x network?
        Yes - one nic is connected to the 10.1.1.0 network (Static IP address) and the other nic is connected to the virtual network 192.168.0.0

        I haven't done much with RRAS, so excuse me if I am asking stupid questions, but do you use RRAS on both VMs to forward the traffic from the production to the virtual NIC?
        I just configure simple LAN routing on the VM host that has two NICs. It allows traffic to route from the 10.1.1.x interface to the 192.168.0.x interface.

        Thanks for your help.

        Michael


        • #5
          Re: Virtual lab for Active Directory (multiple Forest)

          Thanks for your reply. Now I know it is possible to expand my lab. First I am going to try and do my simple setup with 3 VMs on my host machine with one VM configured as RRAS using VMware WS 5.5. I will have to eventually expand to 2 machines, as my next project will involve building a virtual Citrix farm, which will require more resources than one PC.

          Dave



          • #6
            Re: Virtual lab for Active Directory (multiple Forest)

            PS 4.5 will run sufficiently with 512 as long as you don't have too many users connecting to it.

            My VM machine has 2 gig. I had 1 DC and 2 Citrix servers running with still enough resources for the OS. That's all you really need unless you want separate Web Interface and Secure Gateway servers.

            Anyways

            Good Luck

            Michael


            • #7
              Re: Virtual lab for Active Directory (multiple Forest)

              OK, I setup static routes on my DSL gateway.

              Destination = 192.168.198.0 (LAN A)
              Netmask     = 255.255.255.0
              Next Hop    = 192.168.2.11 (IP of NIC)
              Interface   = LAN

              Destination = 192.168.5.0 (LAN B)
              Netmask     = 255.255.255.0
              Next Hop    = 192.168.2.10 (IP of NIC)
              Interface   = LAN

              On each host I configured Routing and remote access for LAN routing only.

              Then, I added a static route from the command prompt to give me the following:
              ===========================================================================
              Active Routes:
              Network Destination          Netmask          Gateway       Interface  Metric
                        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
                      192.168.2.0    255.255.255.0     192.168.2.11    192.168.2.11      10
                     192.168.2.11  255.255.255.255        127.0.0.1       127.0.0.1      10
                    192.168.2.255  255.255.255.255     192.168.2.11    192.168.2.11      10
                    192.168.198.0    255.255.255.0    192.168.198.2   192.168.198.2      10
                    192.168.198.0    255.255.255.0     192.168.2.11    192.168.2.11      10
                    192.168.198.2  255.255.255.255        127.0.0.1       127.0.0.1      10
                  192.168.198.255  255.255.255.255    192.168.198.2   192.168.198.2      10
                        224.0.0.0        240.0.0.0     192.168.2.11    192.168.2.11      10
                        224.0.0.0        240.0.0.0    192.168.198.2   192.168.198.2      10
                  255.255.255.255  255.255.255.255     192.168.2.11    192.168.2.11       1
                  255.255.255.255  255.255.255.255    192.168.198.2   192.168.198.2       1
              ===========================================================================
              Persistent Routes:
                Network Address          Netmask  Gateway Address  Metric
                    192.168.198.0    255.255.255.0     192.168.2.11      10


              VM from LAN B

              C:\Documents and Settings\Administrator>route print

              IPv4 Route Table
              ===========================================================================
              Interface List
              0x1 ........................... MS TCP Loopback interface
              0x10003 ...00 0c 29 8f b3 c3 ...... VMware Accelerated AMD PCNet Adapter
              0x10004 ...00 0c 29 8f b3 cd ...... VMware Accelerated AMD PCNet Adapter #2
              ===========================================================================
              ===========================================================================
              Active Routes:
              Network Destination          Netmask          Gateway       Interface  Metric
                        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
                      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10      10
                     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1      10
                    192.168.2.255  255.255.255.255     192.168.2.10    192.168.2.10      10
                      192.168.5.0    255.255.255.0      192.168.5.2     192.168.5.2      10
                      192.168.5.2  255.255.255.255        127.0.0.1       127.0.0.1      10
                    192.168.5.255  255.255.255.255      192.168.5.2     192.168.5.2      10
                        224.0.0.0        240.0.0.0     192.168.2.10    192.168.2.10      10
                        224.0.0.0        240.0.0.0      192.168.5.2     192.168.5.2      10
                  255.255.255.255  255.255.255.255     192.168.2.10    192.168.2.10       1
                  255.255.255.255  255.255.255.255      192.168.5.2     192.168.5.2       1
              ===========================================================================
              Persistent Routes:
                Network Address          Netmask  Gateway Address  Metric
                      192.168.5.0    255.255.255.0     192.168.2.10      10


              Now from either subnet I can't ping the other LAN
              For example from HOST B trying to ping my server on HOST A or vice versa.
              C:\Documents and Settings\Administrator>ping 192.168.198.2

              Pinging 192.168.198.2 with 32 bytes of data:

              Destination host unreachable.
              Destination host unreachable.
              Destination host unreachable.


              I know it's probably something really stupid because honestly I have never tried multihomed routing through a Windows machine before. Any thoughts?



              • #8
                Re: Virtual lab for Active Directory (multiple Forest)

                OK, finally a bit of progress.

                I reconfigured the VMs from scratch (LAN connections, RRAS, static routes etc.) and now I have a one-way connection over the network. I can ping from LAN A to LAN B but not from B to A.

                tracert from LAN A to B
                C:\Documents and Settings\Administrator>tracert 192.168.198.1

                Tracing route to SVRGOLD [192.168.198.1]
                over a maximum of 30 hops:

                  1    <1 ms    <1 ms    <1 ms  192.168.2.1
                  2    <1 ms    <1 ms    <1 ms  SVRGOLD [192.168.198.1]

                tracert from LAN B to A
                C:\Documents and Settings\Administrator>tracert 192.168.5.1

                Tracing route to 192.168.5.1 over a maximum of 30 hops

                  1     6 ms    <1 ms    <1 ms  192.168.2.1
                  2     *        *        *     Request timed out.
                  3     *        *        *     Request timed out.

                I can ping both default gateways. What now?



                • #9
                  Re: Virtual lab for Active Directory (multiple Forest)

                  Your Firewall on LAN A isn't blocking ping requests is it?

                  Michael


                  • #10
                    Re: Virtual lab for Active Directory (multiple Forest)

                    It was the IPEnableRouting registry entry on my host. Had to be set to value of 1. Anyway thanks for your patience and help.
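
                    Editor's note: the following is an added example, not code from anyone in this thread. It is a small route-table simulator that models the lab described in #2/#4 and debugged in #7 to #10: the DSL gateway at 192.168.2.1 with its two static routes, VM-A multihomed on 192.168.2.11 and 192.168.198.2, VM-B on 192.168.2.10 and 192.168.5.2, and one client behind each VM (SVRGOLD at 192.168.198.1 and the 192.168.5.1 machine from the tracert output; their default gateways are assumptions, the thread does not show them). Every hop does a longest-prefix match, the same rule the Windows route table applies, and a host only forwards transit packets when its forwarding switch is on. On Windows that switch is the IPEnableRouter value under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, the value the post above calls IPEnableRouting; enabling RRAS LAN routing normally sets it to 1, and if it stays at 0 the box answers for its own addresses but silently discards packets it would have to route. The example reproduces the three states the thread went through: the route tables as posted in #7, where neither VM has a default route or a route to the other test LAN, so ping fails on the sending VM itself with "Destination host unreachable"; the one-way state in #8, where only one VM forwards; and the fixed state in #10.

```python
# Added example (editor's, not from the thread): longest-prefix-match route
# simulator for the two-RRAS-VM lab. Client default gateways are assumptions.
from ipaddress import ip_address, ip_network


class Host:
    """A host or router: interface addresses, route table, IP-forwarding switch."""

    def __init__(self, name, interfaces, routes, forwarding=False):
        self.name = name
        self.interfaces = {ip_address(a) for a in interfaces}
        # routes: (destination network, gateway), gateway None for on-link
        self.routes = [(ip_network(net), ip_address(gw) if gw else None)
                       for net, gw in routes]
        # Windows: IPEnableRouter=1 under HKLM\SYSTEM\CurrentControlSet\Services\
        # Tcpip\Parameters (the value post #10 calls IPEnableRouting)
        self.forwarding = forwarding

    def lookup(self, dst):
        """Most specific matching route, as the Windows route table selects it."""
        matches = [(net, gw) for net, gw in self.routes if dst in net]
        return max(matches, key=lambda r: r[0].prefixlen, default=None)


def trace(hosts, src, dst, max_hops=30):
    """Push one packet hop by hop from host `src`. Returns (hop names, outcome)."""
    dst = ip_address(dst)
    by_addr = {a: h for h in hosts.values() for a in h.interfaces}
    cur = hosts[src]
    path = [cur.name]
    for _ in range(max_hops):
        if dst in cur.interfaces:
            return path, "delivered"
        # a transit host silently drops packets not for itself unless it forwards;
        # the sending host never needs its own forwarding flag
        if cur.name != src and not cur.forwarding:
            return path, f"dropped by {cur.name}: IP forwarding disabled"
        route = cur.lookup(dst)
        if route is None:  # what ping reports as "Destination host unreachable"
            return path, f"{cur.name}: Destination host unreachable"
        net, gw = route
        nxt = by_addr.get(gw if gw is not None else dst)
        if nxt is None:
            return path, f"{cur.name}: nothing answers at {gw or dst}"
        cur = nxt
        path.append(cur.name)
    return path, "TTL exceeded"


def build_lab(default_routes, vm_a_forwarding, vm_b_forwarding):
    """Lab from posts #7/#8: gateway 192.168.2.1 with the two static routes,
    VM-A on 192.168.2.11/192.168.198.2, VM-B on 192.168.2.10/192.168.5.2."""
    vm_extra = [("0.0.0.0/0", "192.168.2.1")] if default_routes else []
    hosts = [
        Host("gateway", ["192.168.2.1"],
             [("192.168.2.0/24", None),
              ("192.168.198.0/24", "192.168.2.11"),   # static route for LAN A
              ("192.168.5.0/24", "192.168.2.10")],    # static route for LAN B
             forwarding=True),
        Host("VM-A", ["192.168.2.11", "192.168.198.2"],
             [("192.168.2.0/24", None), ("192.168.198.0/24", None)] + vm_extra,
             forwarding=vm_a_forwarding),
        Host("VM-B", ["192.168.2.10", "192.168.5.2"],
             [("192.168.2.0/24", None), ("192.168.5.0/24", None)] + vm_extra,
             forwarding=vm_b_forwarding),
        # clients behind each VM; their default gateways are assumed, not from the thread
        Host("SVRGOLD", ["192.168.198.1"],
             [("192.168.198.0/24", None), ("0.0.0.0/0", "192.168.198.2")]),
        Host("client-B", ["192.168.5.1"],
             [("192.168.5.0/24", None), ("0.0.0.0/0", "192.168.5.2")]),
    ]
    return {h.name: h for h in hosts}


def post7_failure():
    """Route tables exactly as posted in #7: no default route on either VM."""
    return trace(build_lab(False, True, True), "VM-B", "192.168.198.2")


def post8_one_way():
    """Default routes added, forwarding on VM-A only: to LAN A works, to LAN B dies at VM-B."""
    lab = build_lab(True, True, False)
    return trace(lab, "VM-B", "192.168.198.1"), trace(lab, "VM-A", "192.168.5.1")


def post10_fixed():
    """Forwarding on both VMs: client to client in both directions."""
    lab = build_lab(True, True, True)
    return trace(lab, "client-B", "192.168.198.1"), trace(lab, "SVRGOLD", "192.168.5.1")


if __name__ == "__main__":
    print("as posted in #7:", post7_failure())
    print("one-way (#8):   ", *post8_one_way(), sep="\n  ")
    print("fixed (#10):    ", *post10_fixed(), sep="\n  ")
```

                    Two things it makes visible that the route print alone does not. First, the tables posted in #7 fail before a packet ever leaves VM-B: with no default route and no route to 192.168.198.0, the lookup itself fails, which is exactly the local "Destination host unreachable" rather than a timeout. Second, in the one-way state the direction that works is the one whose transit host has forwarding on; a ping sent from an RRAS VM itself never needs that VM's own forwarding flag, only the other VM's, which is why the tracert run from one VM reached the far LAN while the one run from the other died one hop past the gateway.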



                    • #11
                      Re: Virtual lab for Active Directory (multiple Forest)

                      No problem mate and thanks for posting back with the solution.

                      Michael